Silent Circle Latest to Abandon NIST Encryption Algorithm

Just a few weeks after security firm RSA sent an advisory to their developer customers warning against use of a toolkit that employs an NIST encryption algorithm that is suspected to have been “backdoored” by the NSA, secure global communications provider Silent Circle has announced they will replace NIST cipher suites in their products.

“At Silent Circle, we’ve been deciding what to do about the whole grand issue of whether the NSA has been subverting security. Despite all the fun that blogging about this has been, actions speak louder than words. Phil, Mike, and I have discussed this and we feel we must do something. That something is that in the relatively near future, we will implement a non-NIST cipher suite,” wrote Silent Circle co-founder John Callas.

In a statement on the matter, NIST officials said “we want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place. NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.”

Nonetheless, RSA and Silent Circle probably won’t be the last to give the NIST algorithm the cold shoulder.

“This doesn’t mean we think that AES is insecure, or SHA–2 is insecure, or even that P–384 is insecure. It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA’s perfidy, along with the rest of the free world. For us, the spell is broken. We’re just moving on. No kiss, no tears, no farewell souvenirs,” Callas said.